[Secure-testing-commits] r2617 - data/CVE
Joey Hess
joeyh at costa.debian.org
Sun Oct 30 21:11:30 UTC 2005
Author: joeyh
Date: 2005-10-30 21:11:23 +0000 (Sun, 30 Oct 2005)
New Revision: 2617
Modified:
data/CVE/list
Log:
added missing severity info
some bug number updates, removed a dup entry, etc
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2005-10-30 10:28:53 UTC (rev 2616)
+++ data/CVE/list 2005-10-30 21:11:23 UTC (rev 2617)
@@ -1,8 +1,8 @@
CVE-2005-XXXX [ntop format string vulnerability]
- - ntop <unfixed> (bug #335996; unknown)
+ - ntop <unfixed> (bug #335996; low)
NOTE: Possibly not exploitable
CVE-2005-XXXX [Firefox IFRAME buffer overflow]
- - mozilla-firefox <unfixed> (bug #336171; unknown)
+ - mozilla-firefox <unfixed> (bug #336171; medium)
CVE-2005-3341 [Insecure temp files in dhis-tools-dns]
- dhis-tools-dns 5.0-5
CVE-2005-XXXX [xdm: full-force SAINT attack crashes xdm]
@@ -13,19 +13,19 @@
- xorg-x11 <unfixed> (bug #172890; low)
- xfree86 <removed>
CVE-2005-3339 (Mantis before 0.19.3 caches the User ID longer than necessary, which ...)
- - mantis <unfixed> (bug #330682; unknown)
+ - mantis 0.19.3-0.1 (bug #330682; unknown)
CVE-2005-3338 (Unspecified vulnerability in Mantis before 0.19.3, when using ...)
- - mantis <unfixed> (bug #330682; low)
+ - mantis 0.19.3-0.1 (bug #330682; low)
CVE-2005-3337 (Multiple cross-site scripting (XSS) vulnerabilities in Mantis before ...)
- - mantis <unfixed>
+ - mantis <unfixed> (low)
NOTE: Pinged Thijs Kinkhorst, who's preparing an update
CVE-2005-3336 (SQL injection vulnerability in Mantis 1.0.0RC2 and 0.19.2 allows ...)
- - mantis <unfixed>
+ - mantis 0.19.3-0.1 (high)
NOTE: Pinged Thijs Kinkhorst, who's preparing an update
CVE-2005-3335 (PHP file inclusion vulnerability in bug_sponsorship_list_view_inc.php ...)
- - mantis <unfixed> (bug #335938; medium)
+ - mantis 0.19.3-0.1 (bug #335938; medium)
CVE-2005-3334 (Cross-site scripting (XSS) vulnerability in index.php in Flyspray ...)
- - flyspray <unfixed> (bug #335997)
+ - flyspray <unfixed> (bug #335997; low)
CVE-2005-3333 (SQL injection vulnerability in eBASEweb 3.0 allows remote attackers to ...)
NOT-FOR-US: eBASEweb
CVE-2005-3332 (PHP remote file include vulnerability in admin/define.inc.php in ...)
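Review bot: CVE-2005-3339 is moved to fixed version 0.19.3-0.1 but keeps severity "unknown", which is at odds with the log line "added missing severity info"; assign a level or add a NOTE saying why it cannot be rated. In CVE-2005-3336 the entry now reads "- mantis 0.19.3-0.1 (high)" while the context line "NOTE: Pinged Thijs Kinkhorst, who's preparing an update" stays below it; drop or update that NOTE there and keep it only on CVE-2005-3337, which is still <unfixed>. The log message should also mention that Mantis entries were marked fixed, since it only speaks of severity and bug numbers.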
@@ -47,8 +47,8 @@
CVE-2005-3324 (SQL injection vulnerability in chat.php in MWChat 6.8 allows remote ...)
NOT-FOR-US: MWChat
CVE-2005-3323 (docutils in Zope 2.6, 2.7 before 2.7.8, and 2.8 before 2.8.2 allows ...)
- - zope2.8 2.8.1-7 (bug #334055; unknown)
- - zope2.7 2.7.8-1 (bug #334055; unknown)
+ - zope2.8 2.8.1-7 (bug #334055; high)
+ - zope2.7 2.7.8-1 (bug #334055; high)
CVE-2005-3322 (Unspecified vulnerability in Squid on SUSE Linux 9.0 allows remote ...)
TODO: check
CVE-2005-3321 (chkstat in SuSE Linux 9.0 through 10.0 allows local users to modify ...)
@@ -75,7 +75,7 @@
CVE-2005-3311 (BMC Software Control-M 6.1.03 for Solaris, and possibly other ...)
NOT-FOR-US: BMC Software Control-M
CVE-2005-3310 (Multiple interpretation error in phpBB 2.0.17, with remote avatars and ...)
- - phpbb2 <unfixed> (bug #335662)
+ - phpbb2 <unfixed> (bug #335662; low)
CVE-2005-3309 (Multiple SQL injection vulnerabilities in Zomplog 3.4 allow remote ...)
NOT-FOR-US: Zomplog
CVE-2005-3308 (Multiple cross-site scripting (XSS) vulnerabilities in Zomplog 3.4 ...)
@@ -215,7 +215,9 @@
CVE-2005-XXXX [Insecure temp file usage in thttpd's syslogtocern]
- thttpd 2.23beta1-4 (low)
CVE-2005-XXXX [buffer overflow in inkscape]
- - inkscape <unfixed> (bug #330894)
+ NOTE: exploit may need a shellcode that is valid xml, so may not
+ NOTE: be exploitable for more than a DOS
+ - inkscape <unfixed> (bug #330894; low)
CVE-2005-3301 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin ...)
- phpmyadmin 4:2.6.4-pl3-1 (bug #335513; medium)
CVE-2005-3300 (The register_globals emulation layer in grab_globals.php for ...)
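Review bot: the two added NOTE lines for the inkscape buffer overflow sit above the package line, whereas most NOTE lines elsewhere in this diff (ntop, pound, clamav) follow it; move them below "- inkscape <unfixed> (bug #330894; low)" for consistency and write "DoS" as the other entries do. The low rating rests on "may not be exploitable", so the NOTE should say where that assessment comes from, for example by pointing at the bug.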
@@ -273,19 +275,19 @@
- pavuk 0.9.33-1 (bug #264684; high)
NOTE: second hole mentioned in bug report
CVE-2005-XXXX [HTTP Request smuggling in pound]
- - pound 1.9.4-1
+ - pound 1.9.4-1 (low)
NOTE: see http://www.apsis.ch/pound/pound_list/archive/2005/2005-10/1129827166000/index_html?fullMode=1#1129827166000
CVE-2005-3276 (The sys_get_thread_area function in process.c in Linux 2.6 before ...)
- linux-2.6 2.6.12-2
- kernel-source-2.6.8 2.6.8-16sarge1
CVE-2005-3275 (The NAT code (1) ip_nat_proto_tcp.c and (2) ip_nat_proto_udp.c in ...)
- - linux-2.6 2.6.13-1
- - kernel-source-2.6.8 2.6.8-16sarge1
- - kernel-source-2.4.27 2.4.27-10sarge1
+ - linux-2.6 2.6.13-1 (low)
+ - kernel-source-2.6.8 2.6.8-16sarge1 (low)
+ - kernel-source-2.4.27 2.4.27-10sarge1 (low)
CVE-2005-3274 (Race condition in ip_vs_conn_flush in Linux 2.6 before 2.6.13 and 2.4 ...)
- - linux-2.6 2.6.13-1
- - kernel-source-2.6.8 2.6.8-16sarge1
- - kernel-source-2.4.27 2.4.27-10sarge1
+ - linux-2.6 2.6.13-1 (low)
+ - kernel-source-2.6.8 2.6.8-16sarge1 (low)
+ - kernel-source-2.4.27 2.4.27-10sarge1 (low)
CVE-2005-3273 (The rose_rt_ioctl function in rose_route.c for ROSE in Linux 2.6 ...)
- linux-2.6 2.6.12-1
- kernel-source-2.6.8 2.6.8-16sarge1
@@ -329,7 +331,7 @@
- libmad <unfixed> (bug #287519; low)
- mad <removed>
CVE-2005-3256 (The key selection dialogue in Enigmail before 0.92.1 can incorrectly ...)
- - enigmail 2:0.93-1 (unknown)
+ - enigmail 2:0.93-1 (low)
CVE-2005-3253
RESERVED
CVE-2005-3252 (Stack-based buffer overflow in the Back Orifice (BO) preprocessor for ...)
@@ -381,7 +383,7 @@
CVE-2005-3230 (Multiple interpretation error in unspecified versions of Panda ...)
NOT-FOR-US: Panda Antivirus
CVE-2005-3229 (Multiple interpretation error in unspecified versions of ClamAV ...)
- - clamav <unfixed>
+ - clamav <unfixed> (low)
NOTE: This was already forwarded to sgran; zobel any news yet?
CVE-2005-3228 (Multiple interpretation error in unspecified versions of Ikarus ...)
NOT-FOR-US: Ikarus Antivirus
@@ -487,23 +489,23 @@
CVE-2005-3239 (The OLE2 unpacker in clamd in ClamAV 0.87-1 allows remote attackers to ...)
- clamav <unfixed> (bug #333566)
CVE-2005-3181 (Linux kernel before 2.6.13.4, when CONFIG_AUDITSYSCALL is enabled, ...)
- - linux-2.6 2.6.12-11
+ - linux-2.6 2.6.12-11 (low)
NOTE: Might as well be 2.6.13-2, depending on the next upload
- kernel-source-2.4.27 <not-affected> (2.4 kernels don't have CONFIG_AUDITSYSCALL)
CVE-2005-XXXX [Missing safemode checks in PHP's _php_image_output functions]
- - php5 5.0.5-2
- - php4 4:4.4.0-3
+ - php5 5.0.5-2 (low)
+ - php4 4:4.4.0-3 (low)
CVE-2005-3180 (The Orinoco driver (orinoco.c) in Linux kernel 2.6.13 and earlier does ...)
- - linux-2.6 2.6.12-11
+ - linux-2.6 2.6.12-11 (medium)
NOTE: Might as well be 2.6.13-2, depending on the next upload
- - kernel-source-2.4.27 2.4.27-12
+ - kernel-source-2.4.27 2.4.27-12 (medium)
NOTE: CVE requested
CVE-2005-3119 (Memory leak in the request_key_auth_destroy function in ...)
- - linux-2.6 2.6.13-2
+ - linux-2.6 2.6.13-2 (low)
- kernel-source-2.4.27 <not-affected>
NOTE: 2.6.12 itself not affected, fixed in SVN
CVE-2005-3179 (drm.c in Linux kernel 2.6.10 to 2.6.13 creates a debug file in sysfs ...)
- - linux-2.6 2.6.12-11
+ - linux-2.6 2.6.12-11 (medium)
NOTE: Might as well be 2.6.13-2, depending on the next upload
- kernel-source-2.4.27 <not-affected>
NOTE: CVE requested
@@ -596,8 +598,9 @@
NOT-FOR-US: Procom NetFORCE
CVE-2005-3137 (The (1) cfmailfilter and (2) cfcron.in files for cfengine 1.6.5 allow ...)
{DSA-836-1 DSA-835-1}
- - cfengine <unfixed> (bug #332433)
- - cfengine2 <unfixed> (bug #332432)
+ - cfengine <unfixed> (bug #332433; low)
+ - cfengine2 <unfixed> (bug #332432; low)
+ NOTE: maintainer does not think it's a hole, script is unused/broken
CVE-2005-3136 (Directory traversal vulnerability in Virtools Web Player 3.0.0.100 and ...)
NOT-FOR-US: Virtools Web Player
CVE-2005-3135 (Buffer overflow in Virtools Web Player 3.0.0.100 and earlier allows ...)
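Review bot: the added NOTE says "script is unused/broken" in the singular, but the CVE-2005-3137 description names two files, (1) cfmailfilter and (2) cfcron.in, and the NOTE sits under both the cfengine and cfengine2 lines; say which script and which package's maintainer is meant. With {DSA-836-1 DSA-835-1} attached to the entry, a pointer to where the maintainer said this would let the low rating be checked.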
@@ -627,11 +630,11 @@
CVE-2005-3123 [Directory traversal in gnump3d]
RESERVED
{DSA-877-1}
- - gnump3d 2.9.6-1
+ - gnump3d 2.9.6-1 (medium)
CVE-2005-3122 [XSS in gnump3d's 404 page]
RESERVED
{DSA-877-1}
- - gnump3d 2.9.6-1
+ - gnump3d 2.9.6-1 (low)
CVE-2005-3121 (A rule file in module-assistant before 0.9.10 causes a temporary file ...)
{DSA-867-1}
- module-assistant 0.9.10
@@ -663,13 +666,13 @@
CVE-2005-3109 (The HFS and HFS+ (hfsplus) modules in Linux 2.6 allows attackers to ...)
- linux-2.6 2.6.12-1
- kernel-source-2.6.8 2.6.8-16sarge1
- - kernel-source-2.4.27 <unfixed>
+ - kernel-source-2.4.27 <unfixed> (low)
CVE-2005-3108 (mm/ioremap.c in Linux 2.6 on 64-bit x86 systems allows local users to ...)
- linux-2.6 2.6.12-1
- kernel-source-2.6.8 2.6.8-16sarge1
CVE-2005-3107 (fs/exec.c in Linux 2.6, when one thread is tracing another thread that ...)
- - linux-2.6 <unfixed>
- - kernel-source-2.6.8 2.6.8-16sarge1
+ - linux-2.6 <unfixed> (low)
+ - kernel-source-2.6.8 2.6.8-16sarge1 (low)
CVE-2005-3106 (Race condition in Linux 2.6, when threads are sharing memory mapping ...)
- kernel-source-2.6.8 2.6.8-16sarge1
CVE-2005-3105 (The mprotect code (mprotect.c) in Linux 2.6 on Itanium IA64 Montecito ...)
@@ -697,15 +700,15 @@
NOTE: no exploit vector, just bad info
- clamav <unfixed> (bug #323803; unimportant)
CVE-2005-XXXX [smbmount doesn't honor gid/uid with kernel 2.4]
- - kernel-source-2.4.27 <unfixed> (bug #310982)
+ - kernel-source-2.4.27 <unfixed> (bug #310982; low)
+ NOTE: probably already fixed in testing, wrote for confirmation
CVE-2004-XXXX [Minor dialog box origin spoofing vulnerability in Konqueror]
- kdebase 4:3.3.1-1 (bug #278002; low)
TODO: According to http://secunia.com/secunia_research/2004-10/advisory/ Firefox and Mozilla aff. as well
CVE-2003-XXXX [Incomplete reporting of failed logins in login]
- login 1:4.0.3-36 (bug #192849)
CVE-2004-XXXX [slapd debconfage writes password to world readable file under certain circumstances]
- - openldap2.2 <unfixed> (bug #260204)
- TODO: Probably fix already uploaded? -> followup
+ - openldap2.2 <unfixed> (bug #260204; unimportant)
CVE-2004-XXXX [Unspecified buffer overflow in libmng]
- libmng 1.0.8-1 (bug #250106)
CVE-2004-XXXX [Multiple buffer overflows in isoqlog]
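Review bot: in the slapd entry the TODO "Probably fix already uploaded? -> followup" is deleted and the severity is set to "unimportant" while the package stays <unfixed>, with nothing recording what the follow-up found. Add a NOTE giving the reason for "unimportant", as the clamav entry at the top of this hunk does with "no exploit vector, just bad info".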
@@ -713,14 +716,14 @@
CVE-2002-XXXX [libnss-ldap: DoS through truncated DNS queries]
- libnss-ldap 199-1 (bug #169793)
CVE-2004-XXXX [Firefox doesn't clear all cookies]
- - mozilla-firefox <unfixed> (bug #203034; bug #235932)
+ - mozilla-firefox <unfixed> (bug #203034; bug #235932; low)
TODO: Re-check this, most probably fixed by now
CVE-2004-XXXX [Insecure temp files in amanda's chg-manual]
- - amanda <unfixed> (bug #226139; unknown)
+ - amanda <unfixed> (bug #226139; low)
CVE-2004-XXXX [Potential buffer overflow in firebird2]
- firebird2 <unfixed> (bug #264453; unknown)
CVE-2004-XXXX [Buffer overflow in wdm's login]
- - wdm <unfixed> (bug #276218; unknown)
+ - wdm <unfixed> (bug #276218; low)
CVE-2005-XXXX [Unsafe string landling in ldapdiff]
- ldapdiff <not-affected> (The version in Debian doesn't contain the vulnerable code, see #306878)
CVE-2005-XXXX [apt-cache doesn't differentiate sources which share several properties]
@@ -732,7 +735,7 @@
CVE-2005-XXXX [Potential xlockmore bypass]
- xlockmore 1:5.13-2.1 (bug #309760)
CVE-2005-XXXX [hdup inproperly preserves permissions on directories]
- - hdup <unfixed> (bug #302790)
+ - hdup <unfixed> (bug #302790; low)
CVE-2001-XXXX [crypt++ passes passwords through the command line]
- crypt++el <unfixed> (bug #105562; low)
CVE-2004-XXXX [Two vulnerabilities in sredird]
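Review bot: the hdup entry that survives the duplicate removal keeps the title "hdup inproperly preserves permissions on directories"; since this is now the only hdup entry for bug #302790, fix "inproperly" to "improperly" in the same commit.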
@@ -759,8 +762,6 @@
CVE-2002-XXXX [sanitizer bypassal through quoted file names]
- sanitizer <unfixed> (bug #149799; medium)
TODO: We should followup, this is probably fixed since the last three years
-CVE-2005-XXXX [hdup does not preserve directory permissions]
- - hdup <unfixed> (bug #302790)
CVE-2005-XXXX [Heap overflow in libosip URI parsing]
- libosip2 2.0.9-1 (bug #308737)
CVE-2005-XXXX [rkhunter: Insecure temporary file]
@@ -795,7 +796,7 @@
CVE-2005-3092 (Heap-based buffer overflow in Image-Line Software FL Studio 5.0.1 ...)
NOT-FOR-US: Image-Line Software FL Studio
CVE-2005-3091 (Cross-site scripting (XSS) vulnerability in Mantis before 1.0.0rc1 ...)
- - mantis <unfixed> (bug #330682; unknown)
+ - mantis 0.19.3-0.1 (bug #330682; low)
CVE-2005-3090 (Cross-site scripting (XSS) vulnerability in bug_actiongroup_page.php ...)
- mantis 0.19.2-4 (bug #330682; medium)
CVE-2005-3089 (Firefox 1.0.6 allows attackers to cause a denial of service (crash) ...)
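Review bot: CVE-2005-3091 is described as affecting "Mantis before 1.0.0rc1", yet the entry is now marked fixed in 0.19.3-0.1 and its severity goes from unknown to low; nothing in the entry shows that the 0.19.x branch carries the fix. Add a NOTE naming the source for that version, such as bug #330682 or the upstream changelog.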
@@ -880,7 +881,7 @@
CVE-2004-XXXX [phpwiki shares a cookie for all wikis on a host]
- phpwiki <unfixed> (bug #282565; medium)
CVE-2005-XXXX [Possibly incorrect virtualisation in php4]
- - php4 <unfixed> (bug #317577; bug #330419; unknown)
+ - php4 <unfixed> (bug #317577; bug #330419; low)
NOTE: Maintainer can't reproduce
CVE-1999-XXXX [Insecure access control on GNU Mach's IO ports]
- gnumach <unfixed> (bug #46709)
@@ -1082,7 +1083,7 @@
- netpbm-free 2:10.0-10
CVE-2005-2977 [pam vulnerable to brute force attacks when using SELinux]
RESERVED
- - pam <unfixed> (bug filed)
+ - pam <unfixed> (bug #336344; medium)
[sarge] - pam <not-affected> (Does not contain SELinux support)
[woody] - pam <not-affected> (Does not contain SELinux support)
CVE-2005-2976
@@ -1093,7 +1094,7 @@
RESERVED
CVE-2005-2973 [Kernel 2.6 ipv6 local DoS vulnerability]
RESERVED
- - linux-2.6 2.6.13+2.6.14-rc4-0experimental.1
+ - linux-2.6 2.6.13+2.6.14-rc4-0experimental.1 (low)
- kernel-source-2.4.27 <unfixed>
TODO: Check, whether this is fixed in sid's 2.4.27
[sarge] - kernel-source-2.6.8 2.6.8-16sarge2
@@ -1136,8 +1137,9 @@
NOTE: prozilla is not in sarge or etch
CVE-2005-2960 (cfengine 1.6.5 and 2.1.16 allows local users to overwrite arbitrary ...)
{DSA-836-1 DSA-835-1}
- - cfengine <unfixed>
- - cfengine2 <unfixed>
+ - cfengine <unfixed> (bug #332433; low)
+ - cfengine2 <unfixed> (bug #332432; low)
+ NOTE: maintainer does not think it's a hole, script is unused/broken
CVE-2005-2959 (sudo 1.6.8 and earlier does not clear the (1) SHELLOPTS and (2) PS4 ...)
{DSA-870-1}
- sudo 1.6.8p9-3 (medium)
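Review bot: the bug numbers and NOTE added to CVE-2005-2960 are identical to those on CVE-2005-3137 (#332433, #332432, same NOTE text). If both CVEs really are tracked in the same two bugs, a short cross-reference NOTE between the entries would make that explicit; otherwise check that the values were not carried over by copy.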
@@ -11600,7 +11602,7 @@
- kdenetwork 4:3.1.6
CVE-2005-0204 (Linux kernel before 2.6.9, when running on the AMD64 and Intel EM64T ...)
NOTE: According to a question on linux-kernel 2.6 is not vulnerable
- - kernel-source-2.4.27 2.4.27-12 (bug #296700)
+ - kernel-source-2.4.27 2.4.27-12 (bug #296700; high)
CVE-2005-0203
REJECTED
CVE-2005-0202 (Directory traversal vulnerability in the true_path function in ...)
@@ -12166,8 +12168,8 @@
CVE-2005-0024
RESERVED
CVE-2005-0023 (gnome-pty-helper in GNOME libzvt2 and libvte4 allows local users to ...)
- - gnome-libs <unfixed> (bug #329156)
- - vte <unfixed> (bug #330907)
+ - gnome-libs <unfixed> (bug #329156; low)
+ - vte <unfixed> (bug #330907; low)
CVE-2005-0022 (Buffer overflow in the spa_base64_to_bits function in Exim before ...)
- exim4 4.34-10
CVE-2005-0021 (Multiple buffer overflows in Exim before 4.43 may allow attackers to ...)